Google WiFi snooping: Company cleared by UK watchdog

Here's one for the "It pays to have awesome lawyers files": Google was cleared today by the UK's Information Commissioner Office (ICO) of any potential charges, although the group said that it would be watching other international developments closely. According to ZDNet UK,

"As we have only seen samples of the records collected in the UK we recognise that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals," said the ICO statement. "However, on the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data."

The ICO added it had not seen any evidence that the data captured by Google had caused or could cause any harm to individuals

While Google has maintained that it "mistakenly" obtained payload data from unencrypted wireless networks as its StreetView cars roamed Britain's neighborhoods (and those in several other countries), many pundits and lawmakers had to wonder about this explanation. As I wrote back in mid-June,

What gets me the most, though, is the way Google collected these 600GB of personal data. As Ars Technica reports,

Put simply, a program called “gslite” sniffed packets from unprotected WiFi networks as Google’s Street View cars rolled down the street, separating out encrypted and unencrypted content. The encrypted data was dumped while the unencrypted data was then written to the car’s hard drive.

This isn’t a “Woops, sorry, as we took note of your access point location, SSID, and MAC address, we accidentally grabbed just a wee bit of data.” This is intentional harvesting of data without consent.

Not surprisingly, although the ICO was willing to overlook Google's "mistake," the London Metropolitan Police are still investigating. The ICO, according to the BBC, did, however, call Google's actions "wrong."

One has to wonder if the US class action lawsuit against Google, the 38-state investigation here in the states, or the far more extensive forensic investigations in other European countries will be as lenient. Other countries have already found evidence of saved passwords and personally identifiable data. Has any harm come of it? No, and Google has a vested interest in ensuring that it is seen as a trusted broker of data, so it's unlikely that any harm will come of these bits of data. The lawsuits and investigations are more about the principle of the thing.